Ubuntu
samba package

usershare: insuffisant permissions for anonymous login

Bug #204703 reported by Sebastien Bacher
8
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Fix Released
High
Unassigned

Bug Description

Binary package hint: samba

Trying to connect to an usershare which uses guest_ok=y doesn't work, the samba log has permission failed error, that's likely because the usershare directory access is limited to the sambashare members and the anonymous user is not there

See original description

Related branches

lp:ubuntu/lucid/samba
Sebastien Bacher (seb128)
description: updated
Revision history for this message
Mathias Gug (mathiaz) wrote :

To reproduce:

create /var/lib/samba/usershares/test:

  #VERSION 2
  path=/tmp/test
  comment=
  usershare_acl=S-1-1-0:R
  guest_ok=y

smbclient -L //localhost lists test as a share, both in anonymous and user login.

smbclient //localhost/test works when using an account.

smbclient //localhost/test fails when logging in anonymously:
 Password:
 Anonymous login successful
 Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.28a]
 tree connect failed: NT_STATUS_ACCESS_DENIED

The following message is logged:

 [2008/03/21 18:44:21, 0] param/loadparm.c:process_usershare_file(4606)
   process_usershare_file: stat of /var/lib/samba/usershares/test failed. Permission denied

Additional information on the permissions:

$ ls -ld /var/lib/samba/usershares/
drwxrwx--T 2 root sambashare 4096 2008-03-21 18:38 /var/lib/samba/usershares/

$ ls -ld /var/lib/samba/usershares/test
-rw-r----- 1 mathiaz mathiaz 70 2008-03-21 18:38 /var/lib/samba/usershares/test

Changed in samba:
importance: Undecided → High
status: New → Triaged
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package samba - 3.0.28a-1ubuntu1

---------------
samba (3.0.28a-1ubuntu1) hardy; urgency=low

  * Merge from Debian unstable, remaining changes:
    * debian/patches/VERSION.patch:
      - set SAMBA_VERSION_VENDOR_SUFFIX to Ubuntu
    * debian/smb.conf:
      - add "(Samba, Ubuntu)" to server string.
      - comment out the default [homes] shares, and add a comment about
        "valid users = %S" to show users how to restrict access to
        \\server\username to only username.
    * debian/samba-common.config:
      - do not change priority to HIGH if dhclient3 is installed
      - use priority medium instead of high for the workgroup question
    * debian/winbind.files:
      - include additional files
    * debian/patches/fix-documentation.patch:
      - fix typos in net(8) and smb.conf(5) man pages
    * debian/mksambapasswd.awk:
      - Don't add user with UID less than 1000 to smbpasswd.
    * debian/samba.init:
      - add 'status' option for LSB conformance.
    * Updated control version.
    * Set Ubuntu maintainer address.
  * Dropped changes:
    * debian/samba.if-up: this ifup hook isn't actually needed with
      current Samba.
  * Set 'usershare allow guests' by in the default smb.conf, so that
    usershare admins are allowed to create public shares too, not just
    authenticated ones (e.g., via nautilus-share). LP: #204703.

 -- Steve Langasek <email address hidden> Tue, 25 Mar 2008 19:53:09 +0000

Changed in samba:
status: Triaged → Fix Released
Revision history for this message
Ali Sabil (asabil) wrote :

This exact same bug still occurs using the latest hardy-proposed package (3.0.28a-1ubuntu4.5)

Revision history for this message
iroli (roland-lezuo) wrote :

I also stumble across this bug on ubuntu 9.04.

Revision history for this message
Thierry Carrez (ttx) wrote :

Works for me on 9.04. iroli: please open a separate bug if you want to track this one down.

Revision history for this message
Mihai Capotă (mihaic) wrote :

I also encountered this problem in Jaunty.
I created a new bug report:
https://bugs.launchpad.net/bugs/389049

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.